News and analysis of critical issues in homeland security

October 31, 2007

Washington-based think tank CSIS is joined by Rep. Jim Langevin (D-R.I.), chairman of the Homeland Security Subcommittee on Emerging Threats, Cyber Security and Science and Technology; and Rep. Michael McCaul (R-Texas), the ranking Republican on the subcommittee, to launch a cybersecurity commission of top experts in the field charged with putting forth recommendations for the next U.S. president.

The 32-member commission plans to finish its work by the end of 2008. Co-chairmen of the commission are retired Admiral Bobby Inman, former director of the U.S. National Security Agency; Scott Charney, corporate vice president for trustworthy computing at Microsoft Corp.; Rep. Langevin and Rep. McCaul.

IBM Says It Will Spend $1.5 Billion on Computer Security-Related Products in 2008

BOSTON (AP) — IBM Corp. plans to announce Thursday that it will boost what it spends developing computer security products to $1.5 billion in 2008, reflecting an intensifying focus for the company.

IBM executives would not say how much they used to spend. But analyst Charles King of Pund-IT Research said he believes $1.5 billion would be twice what IBM traditionally spends on security research and product development each year.

The figure is separate from IBM’s spending on acquisitions that bring in new technology. In the past year IBM has bought several security companies, including Internet Security Systems Inc. for $1.3 billion and Watchfire Corp. for at least $100 million.

Now IBM says it is integrating technologies from its acquisitions with security software and services developed in house. It expects to offer broader security packages so customers can reduce the number of providers they hire to protect their data.

“We believe there’s a crisis in the marketplace right now,” said Val Rahmani, who heads IBM’s infrastructure management services.

Even with this sharper focus, IBM will encounter tough competition from security specialists and other information-technology vendors such as Hewlett-Packard Co. and EMC Corp., which have also been spending heavily to bolster their offerings.

Good timing since it is a full decade since the President’s Commission on Critical Infrastructure Protection differentiated cyber security from physical security in a seminal report. That report had major defects but did lead to PDD 63 and further Executive Branch activity. Hopefully, the new commission will look back to that report, trace its findings, defects, and what has or has not transpired in the meantime.
In my opinion the passage of a decade has resulted in little real progress in cyber security. Microsoft still imposes real costs on the economy by its failures in the security arena even while its dominance persists. This reflects the high price society might yet pay for monopoly arrangements in a critical sector.
Also, the Emergency Services sector, supposedly led by FEMA, still lacks both interoperability and security.

With little to point to as a track record by DHS on protecting against cyber security, I agree that this is long overdue. However, you raise an important point in that this is a challenge for the private sector as much as it is for component agencies of DHS and other Executive agencies. Heck, DOD endures thousands of cyber attacks daily. In many ways, this is a classic homeland security challenge: public sector and private sector are at once targeted and responsible for protection. When interests align like this, one can only hope that collaboration would emerge to good effect.

Doing so may require the attention of the President, not only a couple members of Congress. Perhaps we can still expect to see a new cyber security strategy emerge from the White House as another stab at a swan song.